我是SSO和SAML的新手。我们必须使用ADFS 2.0在我们的客户站点上设置单点登录,我们成功地做到了这一点,当我们尝试访问+ (RKEntityMapping *)mapping
{
RKEntityMapping *entityMapping = [RKEntityMapping mappingForEntityForName:[self entityName]
inManagedObjectStore:[RKManagedObjectStore defaultStore]];
[entityMapping addAttributeMappingsFromDictionary:@{
@"id": @"userId",
@"followingIds": @"followingIds",
@"username": @"username",
@"email": @"email",
@"profile.pro": @"pro",
@"profile.type": @"type",
@"profile.country": @"countryCode",
@"social.facebook": @"facebook",
@"social.youtube": @"youtube",
@"social.twitter": @"twitter",
@"social.instagram": @"instagram",
@"created": @"timestamp"
}];
entityMapping.identificationAttributes = @[ @"userId" ];
RKRelationshipMapping *relationship = [RKRelationshipMapping relationshipMappingFromKeyPath:@"medias" toKeyPath:@"medias" withMapping:[AOMedia mapping]];
relationship.assignmentPolicy = RKUnionAssignmentPolicy;
[entityMapping addPropertyMapping:relationship];
relationship = [RKRelationshipMapping relationshipMappingFromKeyPath:@"settings" toKeyPath:@"settings" withMapping:[AOSetting mapping]];
relationship.assignmentPolicy = RKUnionAssignmentPolicy;
[entityMapping addPropertyMapping:relationship];
[entityMapping addPropertyMapping:[RKRelationshipMapping relationshipMappingFromKeyPath:@"cover" toKeyPath:@"cover" withMapping:[AOMedia mapping]]];
[entityMapping addPropertyMapping:[RKRelationshipMapping relationshipMappingFromKeyPath:@"avatar" toKeyPath:@"avatar" withMapping:[AOMedia mapping]]];
[entityMapping addPropertyMapping:[RKRelationshipMapping relationshipMappingFromKeyPath:@"stats" toKeyPath:@"stats" withMapping:[AOUserStat mapping]]];
[entityMapping addPropertyMapping:[RKRelationshipMapping relationshipMappingFromKeyPath:@"likes" toKeyPath:@"likes" withMapping:[AOLike mapping]]];
[entityMapping addPropertyMapping:[RKRelationshipMapping relationshipMappingFromKeyPath:@"favorites" toKeyPath:@"favorites" withMapping:[AOFavorite mapping]]];
[entityMapping addConnectionForRelationship:@"followings" connectedBy:@{@"followingIds": @"userId"}];
[entityMapping setAssignsDefaultValueForMissingAttributes:YES];
return entityMapping;
}
时,它会重定向到客户站点,如果我们输入用户名和密码,它会带来返回../adfs/ls/idpinitiatedsignon.aspx页面,您已登录标签。当我使用SAML Tracer firefox插件检查http事务时,我可以看到idpinitiatedsignon.aspx即将来到<samlp:Response>,当我尝试访问our_site_name/adfs/ls/页面中的Request["SAMLResponse"]时,它显示为无。
idpinitiatedsignon.aspx而不是
到特定的页面?
samlp:response。我如何读取断言值?答案 0 :(得分:0)
我是从SAML而不是ADFS回答的。关于问题2,我希望你会收到一个名为SAML元数据的XML块,它描述了你客户的IDP。在该元数据中,我希望您会收到客户的公钥(2.4.1.1 Element KeyDescriptor)。除非有办法在工具中安装加密证书,否则我认为在SAML Tracer中解密是不可能的。我的团队使用了https://wiki.shibboleth.net/confluence/display/SHIB2/XmlSecTool提供的XmlSecTool来验证从SAML跟踪器中取出的XML签名,但我不知道是否有人有办法在浏览器中解密。如果您在ASDF级别更具体地询问,请原谅我。